Menu

Beginning with AWS CloudFormation – Part 1

One of my few new goals for this year is to get back to blogging regularly about stuff I’m learning or interested in. Keep a look out here for (hopefully!) more content this year than previous years which might have had just a handful of posts.

AWS CloudFormation is a utility that allows you to define AWS “infrastructure” as code in text files called Templates. You can use it to deploy almost anything via JSON or YAML scripts. The deployed resources are collectively called stacks. There are other IaC options here as well, like Terraform, but I think it is handy to know the native toolset as well. Plus if you are going for AWS certifications you’ll need to be familiar with it.

I wanted to use this series to walk through some simple examples that cover a lot of the functionality of CloudFormation. This will give you a good intro, as well as give you the reader the ability to begin writing some serious CloudFormation templates. I’ll also introduce the relevant documentation along the way. So let’s dive in.

Here is the general guide for CloudFormation from Amazon that is also useful. It is a bit more in depth (read: takes a lot longer to go through) than what we are doing here.

VPC

The first thing we are going to do is to build a Virtual Private Cloud via CloudFormation. This is the foundation of AWS environments. In CloudFormation, items we add like VPCs, EC2 instances, subnets, etc. are called Resources and go, surprisingly, in the Resources section.

For this example we are also going to use the CloudFormation designer available in AWS. I actually don’t really like this tool (it is missing IDE elements), but it is a visual tool that is handy to help us get started. CloudFormation is under the Management section of Services which you can find after logging in. Once there, click Design Template to open the designer.

The designer automatically makes associations and will make some editing easier. However once you get the hang of it, you are better off (my opinion) just doing your own deal in a text editor.

We want to find the VPC resource, which is a subset of EC2. If you didn’t know this, you could just google CloudFormation VPC and it would quickly lead you here:

So on the left hand side, expand the EC2 section and find the VPC object (not the VPCCidrBlock object) and drag it to the right hand canvas.

You’ll see your VPC object show up in the canvas selected, and so it will be in the bottom pane as well in the Resources section. It will have some random name for the object which you can change or leave, up to you. Mine happens to have the name EC2VPC1TEY9 which I don’t really care for, so I’ll just click the edit button next to the name in the bottom pane and rename it to TestVPC.

If you are following along, you’ll notice two things after you edit.

First, the name of the resource in the code block below (the tag under “Resources”) should change to your new name. This is pretty handy as this resource name identifies this amongst all your other elements. The designer automatically changes the name across all references, but if you change this identifier when you are coding in a text editor, you’ll need to make sure all references to it change as well.

Second, the top pane will dim and say it needs a refresh. This is because the name of the resource it refers to in the diagram has changed, so we need to refresh to get the new name showing. Simply hit refresh in the top right and it should look good with the new name on the VPC resource on the canvas. If you are working in the designer you’ll see a refresh needed fairly often. No big deal, just hit refresh and all is well.

So now we have a VPC resource that is named. Is this all we need? Good question. The Properties section is empty. Refer back to the CloudFormation VPC page I linked earlier. In this page you will find a ton of good info (and you should absolutely look at the pages for every resource you are provisioning). Specifically we are looking at Properties. You will notice there are 5 properties for a VPC but only one, CidrBlock, is required. This means that without a CidrBlock property, the deployment will fail.

Now another nit picky thing, go back to your CloudFormation designer and in the top left hit the Validate Template button (check mark in a box). What does it tell you? It will tell you the template is valid. This does not mean you have written a correct template. Again, this does not mean you have written a correct template. This simply means that your template doesn’t have any JSON or YAML errors. It doesn’t care that you are missing a required attribute, or that you mistyped CidrBlock as CirdBlock.

Anyway, back to business, we need to define the CidrBlock property for this to work correctly. I’m going to assign a CidrBlock of 172.10.0.0/16 for my VPC, so under Properties I need to add it. My resource definition will look like this:

You can add more properties if you wish but again we are going for bare minimum here. Remember that, if you add additional properties, you’ll need to add a comma at the end of each line but the last in order for it to be valid JSON. After you are done adding, I would give the Validate Template button another whirl just to double check the syntax.

Before we actually deploy this, click on the Template tab at the bottom of the page. You’ll see the template in its entirety and you can modify it here also if you wish. This is basically what your CloudFormation template would look like if you made it in a text editor, minus the Designer metadata stuff which you wouldn’t need.

Finally, let’s save a copy of this. In the top left there is a little drop down menu that lets you save a copy either to local machine or to an S3 bucket. I just named mine test.template. Make sure you save often!

And now we can do a deployment by clicking the Create Stack button in the top left corner (cloud with up arrow). When you create a stack, you have the option of either launching the designer, or pointing it at an already created file. Since we already created our file it will already be selected for us. Just hit next.

Give the stack a name, I just called mine TestStack and hit next.

Advanced options on the next page which I’m going to skip with Next, and finally we can hit Create.

This will take you back to the stack list. You will probably have to hit refresh to see the one you just created. Once you see it, it may already be finished as we just have it creating a VPC which is quick.

In general, the most common states you may see are:

Create In Progress – the stack is still building

Create Complete – the stack is finished and the build is successful

Rolling Back – the stack encountered an error while provisioning and is rolling back all the resources that were created

Rollback Complete or Create Failed – the stack encountered an error and rollback is complete.

If you click on the Events tab, you can see the various states your stack went through. Hopefully for you it is just Create In Progress and Create Complete. The Template tab will show you the template that was used to create it (and if you select the stack and use the Actions drop down button, you can go back into the template designer for the template).

Finally, let’s take a look at what it did. Go take a look at your VPCs and you should see the new VPC provisioned. Notice that it is actually not named TestVPC, or anything at all. TestVPC was what we named the resource in the CloudFormation template, not the actual VPC that was being created. We will look at this in the next post with tags. The VPC is in the exact same state as it would be if you clicked the Create VPC button and just filled out the Cidr Block field. It automatically created a Route Table and wide open Network ACL. Again there is no difference between the CloudFormation deployment and one using the console.

Hopefully this was a good opener on CloudFormation. I’ll examine some other details in future blog posts like input/output, chaining resources, and intrinsic functions.